[aklug] Web Devs are not the devil

From: Tim Johnson <tim@akwebsoft.com>
Date: Wed Feb 06 2013 - 17:18:46 AKST

This deserves a separate thread. Some comments have been made like
this from Arthur (in which I am in agreement) ::
"""
What's scarier is the number of devs who abrogate their
responsibility towards security by blindly using module X for some
functionality without taking the time to understand *how* it's
performing said functionality. They don't even know what the attack
vectors are. Web devs are the worst (in general, not implicating
anyone here) because they plug crap together with no real knowledge
of what's happening at the network and application protocol layers.
Most don't know their stack, they just know the icing they're
layering on top.
"""
I have been a CGI programmer for 17 years. I've built several CGI
interfaces from scratch, plus built CGI interfaces on top of simpler
ones, such as in my own python framework.

I deplore the sort of practices that are being described above, and
wish to distinguish between those knuckleheads and those like
myself, my business partner and other long-time web programmers that
I am acquainted with.

The reality is that more and more content on the web is being
created by systems that are built (in varying degrees of competence
and caution) by content management systems and more and more
websites are themselves __applications__.

-----------------------------------------
| Sysadmins will have to deal with this. |
-----------------------------------------

I've taken some time to learn
1) How to use drupal (a CMS/CMF)
2) Understand drupal (a separate issue, yes?)
3) Integrate drupal with my own legacy tools.

I've built two websites using drupal and they will be installed in
a test domain. I like the way they "look". Frankly, I haven't got an
(graphic) artistic bone in my body and drupal does a whole lot of
stuff that would take me much longer to do "under the hood".

I'm going to push these to the server in the next day or two. I'm
going to contact my domain hoster's techs and ask them for feedback
on how much mischief they can handle from hack attacks against the
domain - which I will invite from you folks. I haven't anything
critical on those hostings, which is the reason for the particular
locations.

I am aware that there are at least two drupalers on this list. I
hope to get feedback from them. And I am hoping that testing these
sites might prove beneficial and enlightening to them as well.

Heads up... harden, harden, harden

-- 
Tim 
tim at tee jay forty nine dot com or akwebsoft dot com
http://www.akwebsoft.com
Received on Wed Feb 6 17:18:54 2013
